From: domg472@gmail.com (Dominick Grift)
Date: Fri, 18 Mar 2011 12:03:03 +0100
Subject: [refpolicy] [ apache patch 1/1] Run nginx in the httpd_t domain.
Message-ID: <20110318110259.GA25236@localhost.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

http://lists.fedoraproject.org/pipermail/selinux/2011-March/013583.html

Signed-off-by: Dominick Grift <domg472@gmail.com>
---
:100644 100644 9e39aa5... 6d60ffb... M	policy/modules/services/apache.fc
 policy/modules/services/apache.fc |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/policy/modules/services/apache.fc b/policy/modules/services/apache.fc
index 9e39aa5..6d60ffb 100644
--- a/policy/modules/services/apache.fc
+++ b/policy/modules/services/apache.fc
@@ -10,8 +10,10 @@ HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_u
 /etc/httpd/modules			gen_context(system_u:object_r:httpd_modules_t,s0)
 /etc/lighttpd(/.*)?			gen_context(system_u:object_r:httpd_config_t,s0)
 /etc/mock/koji(/.*)? 			gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
+/etc/nginx(/.*)?			gen_context(system_u:object_r:httpd_config_t,s0)
 /etc/rc\.d/init\.d/httpd	--	gen_context(system_u:object_r:httpd_initrc_exec_t,s0)
 /etc/rc\.d/init\.d/lighttpd	--	gen_context(system_u:object_r:httpd_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/nginx	--	gen_context(system_u:object_r:httpd_initrc_exec_t,s0)
 
 /etc/vhosts			--	gen_context(system_u:object_r:httpd_config_t,s0)
 /etc/zabbix/web(/.*)?			gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
@@ -36,6 +38,7 @@ HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_u
 /usr/sbin/apache-ssl(2)?	--	gen_context(system_u:object_r:httpd_exec_t,s0)
 /usr/sbin/httpd(\.worker)?	--	gen_context(system_u:object_r:httpd_exec_t,s0)
 /usr/sbin/lighttpd		--	gen_context(system_u:object_r:httpd_exec_t,s0)
+/usr/sbin/nginx		--	gen_context(system_u:object_r:httpd_exec_t,s0)
 /usr/sbin/rotatelogs		--	gen_context(system_u:object_r:httpd_rotatelogs_exec_t,s0)
 /usr/sbin/suexec		--	gen_context(system_u:object_r:httpd_suexec_exec_t,s0)
 
@@ -77,6 +80,7 @@ ifdef(`distro_suse', `
 /var/lib/drupal(/.*)?			gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
 /var/lib/htdig(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
 /var/lib/httpd(/.*)?			gen_context(system_u:object_r:httpd_var_lib_t,s0)
+/var/lib/nginx(/.*)?			gen_context(system_u:object_r:httpd_var_lib_t,s0)
 /var/lib/php/session(/.*)?		gen_context(system_u:object_r:httpd_var_run_t,s0)
 /var/lib/squirrelmail/prefs(/.*)?	gen_context(system_u:object_r:httpd_squirrelmail_t,s0)
 
@@ -86,6 +90,7 @@ ifdef(`distro_suse', `
 /var/log/cgiwrap\.log.*		--	gen_context(system_u:object_r:httpd_log_t,s0)
 /var/log/httpd(/.*)?			gen_context(system_u:object_r:httpd_log_t,s0)
 /var/log/lighttpd(/.*)?			gen_context(system_u:object_r:httpd_log_t,s0)
+/var/log/nginx(/.*)?			gen_context(system_u:object_r:httpd_log_t,s0)
 /var/log/piranha(/.*)?			gen_context(system_u:object_r:httpd_log_t,s0)
 
 ifdef(`distro_debian', `
@@ -97,6 +102,7 @@ ifdef(`distro_debian', `
 /var/run/httpd.*			gen_context(system_u:object_r:httpd_var_run_t,s0)
 /var/run/lighttpd(/.*)?			gen_context(system_u:object_r:httpd_var_run_t,s0)
 /var/run/mod_.*				gen_context(system_u:object_r:httpd_var_run_t,s0)
+/var/run/nginx.*				gen_context(system_u:object_r:httpd_var_run_t,s0)
 /var/run/wsgi.*			-s	gen_context(system_u:object_r:httpd_var_run_t,s0)
 
 /var/spool/gosa(/.*)?			gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
-- 
1.7.4

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20110318/b8c876e0/attachment.bin